A couple weeks ago I was composing an email to my dear buddy Chuck when I noticed something odd at the top of my message. In Gmail, I have three different email addresses – a personal one, one for my personal blog and one for DR101. I can differentiate what address I’m sending a message from, but on this particular day – the outgoing email in the message did not belong to me whatsoever – unless, of course, my name is Frank.
As it turns out, unbeknownst to me, my personal email (but not my name) had been sending out “resume” emails to various people. I spent a panicked hour that morning changing every password that I could think of that might have been emailed to me at some point in the history of my Gmail accounts.
I’m not entirely sure how I could have prevented this, although I’ll be honest – my passwords probably leave a lot to be desired. If you know any of my nephews, my birthday or my favorite musician, you’ll have a good chance at hacking my password. (I dated a guy once who used obscure German battle terminology for his passwords – so glad I didn’t stick with him …)
Here are a couple of articles that I read when I was trying to diagnose my hacking problem and what to do about this. Although this doesn’t have much to do with being frugal, the time and energy that I spent that morning when I discovered my account was hacked could have been easily averted if I had taken a few safety precautions in regularly changing my email (and other) passwords.
http://lifehacker.com/5051905/how-to-protect-your-email-from-hackers
http://www.itsecurity.com/features/99-email-security-tips-112006/
http://www.dnxpert.com/2008/12/05/email-hacking-and-how-to-protect-your-accounts/
http://lifehacker.com/software/passwords/geek-to-live–choose-and-remember-great-passwords-184773.php



I’m probably way overly paranoid on online security, but the best method of password creation I’ve found is to use the first letter of each word in a phrase (like an 8-word phrase) that you can easily remember, and use those letters as your password. Longer the better, and replace one letter with a digit. Impossible to guess or use a dictionary attack on, and 8 characters is pretty strong.
And it goes without saying, never write down passwords if you can help it, and always make sure anything you’re typing a password into is an “https”, as that means it’s been transmitted encrypted (this is not 100% security but it’s a lot better than clear text).